Site-to-Site VPN 2.0 Requirements

1 Background

Site-to-Site VPN feature is currently available in CloudStack release. Site-to-Site VPN features allow users to establish a secure connection between a Cloud infrastructure and their own enterprise Datacenter. The feature allows users to create a VPN Tunnel between CloudStack’s Virtual Router and a physical device on the other side. This feature was supported for Cisco ISR and Juniper J-Series Routers.

This requirements document covers the additional capabilities that customers/users would like to see as enhancements to existing feature set.

Use Cases:

Deploying applications in multiple AZ: Users would want to deploy their applications in multiple Availability Zones and would like to connect using a Site-to-Site VPN Tunnel.

Proactive Tunnel Monitoring: Users want to know when their VPN Tunnel has gone down so that they can respond to these events limiting the application downtime.

2 Requirements

Allow a Site-to-Site VPN tunnel to be established between VR to VR. Currently, only one side of the tunnel can be a Virtual Router and the other side is expected to be a Cisco ISR or a Juniper J-Series Routers.

Users would also like CloudStack to monitor the tunnel state and get notified when a VPN tunnel goes up/down.

3 UI / UX Requirements

As part of VPC setup, allow administrator to create a Site-to-Site VPN Tunnel between two Virtual Routers

Alert the user when a Tunnel goes down/up.

4 Upgrade Scenarios

Following upgrade scenarios should be supported:

No upgrade scenarios need to be handled, as this is a new functionality.